sohop 是一个反向代理,可以选择性地限制对使用 OAuth 进行身份验证的用户的访问权限。它还提供一个运行状况检查端点,用于报告上游服务的可达性。
sohop 可以在保持限制访问的情况下,公开原有的内部应用到公共互联网,而不必在应用本身配置认证/授权。
Usage
Usage of sohop: -config string Config file (default "config.json") -httpAddr string Address to bind HTTP server (default ":80") -httpsAddr string Address to bind HTTPS server (default ":443")
配置示例
{
"Domain": "example.com",
"Cookie": {
"Name": "exampleauth",
"Secret": "3c0767ada2466a92a59c1214061441713aeafe6d115e29aa376c0f9758cdf0f5"
},
"Auth" : {
"Type": "github-org",
"Config": {
"ClientID": "12345678",
"ClientSecret": "12345678",
"OrgID": 12345678
}
},
"TLS": {
"CertFile": "cert.pem",
"CertKey": "key.pem"
},
"Upstreams": {
"intranet": {
"URL": "http://10.0.0.16:8888",
"HealthCheck": "http://10.0.0.16:8888/login",
"WebSocket": "ws://10.0.0.16:8888",
"Auth": true,
"Headers": { "X-WEBAUTH-USER":["{{.Session.Values.user}}"] }
},
"public": {
"URL": "http://10.0.0.16:8111",
"HealthCheck": "http://10.0.0.16:8111/login.html",
"WebSocket": "ws://10.0.0.16:8111",
"Auth": false
}
}
}
{
"Domain": "example.com",
"Auth" : {
"Type": "gmail-regex",
"Config": {
"Credentials": {"web":{"client_id":"XXXX-yyyyyy.apps.googleusercontent.com","project_id":"example","auth_uri":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://accounts.google.com/o/oauth2/token","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs","client_secret":"zzzzZZzzZZ","redirect_uris":["https://oauth.example.com/authorized"]}},
"EmailRegex":"^davars@gmail.com$"
}
},
"Upstreams": {
...
}
}
